At the AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK, protecting your privacy and preserving security of your health information and health data is our fundamental priority.
To ensure your data protection, we ask you to be informed of the present Data Processing Policy, regarding the processing of your personal data that is carried out in AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK.
At the AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK, we collect and process your personal data in accordance with this Data Processing Policy and in compliance with EU Regulation 2016/679, the Greek data protection legislation (Law 4624/2019), the current legal framework for the provision of health services and the Code of Medical Conduct and Ethics (Law 3418/2005), as well as with the consents we receive from our patients. This policy provides you with the necessary information regarding your rights and obligations and explains how, why and when we collect and process your personal data.
This Policy is available at all points of reception of our premises, as well as on our website https://covid19.aegeanhealth.eu/. We intend to provide to every person who is receiving or is interested to receive medical services, concise, accurate and transparent information regarding the practices used for the management and protection of personal data. Similarly, with the present Policy, we are informing the visitors of our web site as well as of the social networks of the AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK, about the processing of their personal data.
When you enter the AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK, information about you, your contact information and identity, as well as your demographics, your clinical symptoms, the medical treatments you have received, your personal medical history, the medical treatment you are receiving, your family – medical history may be recorded, both in printed and digital media, to help us provide you with the best medical care and the full range of medical services that will be deemed appropriate for your diagnosis, as well as your treatment in general.
Your health record or patient’s file is the collection point of all the information that is collected in any contact you make as a patient with all our healthcare professionals. A file is created for each patient to support his assessment, diagnosis and treatment, continuity in his health care, clinical exchange of information, security and improvement of health care provided, and meet the requirements set by the legislation (Law 3418/2005) and the state. The information entered in the patient’s file is sensitive personal data and is therefore considered confidential.
AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK makes every possible effort to process only your personal data that is required to meet legal, regulatory and contractual obligations and in order to provide you with health services in accordance with international medical standards and best practices. We will never collect any unnecessary personal data from you and we will not process your data in any way other than what is stated in this policy. We take every possible and appropriate measure to only collect and process data that are absolutely necessary.
AEGEAN HEALTH HEALTHCARE AND MEDICAL NETWORK reserves the right to modify and update this Policy whenever deemed necessary. The changes will take effect when they publicly appear on our website. Any revised version of the present policy, which is made public on our website, prevails over any printed version.
- The terms ‘personal data’, ‘processing’, ‘data controller’, ‘data processor’, ‘data subject’, ‘genetic data’, ‘biometric data’, ‘special categories of personal data’, ‘Data Protection Officer’ and ‘personal data breach’ have the same meaning as in the GDPR of the EU (2016/679).
- Health Data: Health Data are Personal Data related to the physical or mental health of a subject, including the patient’s registry number, the health services provided, laboratory test values, such as, for example, COVID-19 test results etc.
- Transfer: Transfer of personal data is considered the disclosure of the Personal Data, with the sender having the intention, or being aware, that the recipient (or recipients) will gain access to it.
- Data Subject Request: The request submitted by the Data Subject to exercise any right under the Data Protection Legislation. All personal data inquiries can be sent to: firstname.lastname@example.org
DATA CONTROLLER DETAILS
AEGEAN HEALTH P.C.
CHARALAMPOUS 6A – 85100 RHODES
COMMERCE REGISTRY NUMBER 159524620000
TAX NUMBER 801580597
Tel.: (+30) 22410 35310
The personal data we collect from you are:
- Your Personal data: Contact details: name/surname, home address, occupation (according to article 26 of Law 4600/2019 FEK A’ 43 / 09-03-2019), personal e-mail, corporate e-mail, home phone, mobile phone, work phone, name/surname, and contact details of your escort and/or your family. Demographics and identity data: date of birth, identity card number, passport number, VAT number, AMKA (SOCIAL SECURITY), credit card numbers, insurance details if you use a health insurance policy from a private insurance company, etc.
- Your Special categories of data: The medical file in printed and electronic form, with the medical data and information necessary for the provision of health services.
HOW DO WE COLLECT PERSONAL DATA
The following means are used to collect your personal data:
- By asking you at the reception and service points
- By filling in the online forms on the AEGEAN HEALTH HEALTHCARE AND MEDICAL NETWORK website
- By filling in the documents that are intended to be your health records / patient’s file after receiving information that you provide to us and following your examination by the AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK’s health professionals as well as the results of the diagnostic tests you are performing.
- When you provide your personal ID, your insurance policy number and you declare that you wish to make use of your insurance benefits.
- By the people accompanying you or having a legal right to act on your behalf (your personal representative) if you are under the age of 16 or you are unable to provide this information yourself.
PURPOSE & LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK processes your personal data, if processing is necessary, for the following purposes and according to the following legal bases.
- Your personal data (name, address, telephone, email, etc.) and your special categories of data (the medical file, in paper and electronic form, with medical data and information necessary for health services) will be subject to both automated and non-automated processing by the authorized personnel of the Data Controller for the purpose of providing health services. Your necessary personal data will also be used for appointment arrangement/confirmation, necessary communication in order for you to receive the results, communication for re-examination under current health protocols, test preparation, patient satisfaction survey. The legal basis for processing is the provision of medical services in accordance with the GDPR, Article 9, par. 2, (h’).
- Your personal data and your special categories of data will be subject to both automated and non-automated processing by the authorized personnel of the Data Controller if you are in a state of emergency or in a state where your life is threatened (purpose for processing). The legal basis for processing is the Protection of your Vital Interests under the GDPR, Article 9, par. 2, (c’).
- Your personal data and your special categories of data will be subject to both automated and non-automated processing by the authorized personnel of the Data Controller, when it is absolutely necessary, for the purposes of the legitimate interests of the Data Controller, as well as for the establishment, exercise, or defense of legal claims of the Data Controller (purpose for processing). The legal basis is the legitimate interest of the Data Controller under the GDPR, Article 6, par. 1, (f’) regarding your personal data, and for the special categories of data, according to the GDPR, Article 9, par. 2, (f’).
- Your personal data and your special categories of data will be subject to both automated and non-automated processing by the authorized personnel of the Data Controller, when you have given your explicit consent and authorization for a specific purpose (e.g. if you want to be compensated for your Covid test costs by your insurance company, or in the case you have given us your explicit consent to contact you for the purpose of informing you for products and services of our company) (purpose for processing). The legal basis for processing is your explicit consent, in accordance with the GDPR, Article 9, par. 2 (a’). You have the right to withdraw your consent at any time by contacting the AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK in writing, a fact that however will not affect in any way the lawfulness of the processing made until the withdrawal of your consent.
- Your personal data and your special categories of data will be transferred to your social security institution for the purpose of covering your hospital costs. The legal basis for processing is carrying out specific rights of the Data Controller in the field of social security, and is carried out in accordance with the GDPR, Article 9, par. 2, (b’).
- Your personal data and special categories of data will be transferred to public authorities, if it is required by law, in accordance with the GDPR, Article 4, (9).
RECIPIENTS OF YOUR PERSONAL DATA
We do not share or disclose your personal data without your consent for any purposes other than those set out in this policy or where it is required by law. AEGEAN HEALTH HEALTHCARE AND MEDICAL NETWORK uses selected partners to provide the following services and business functions; however, all the processors acting on our behalf process your personal data in accordance with the instructions they receive from us and fully comply with this policy, the data protection laws and any other appropriate confidentiality and security measures. The main categories of data processors, with which we will share your data, include:
- External private or public sector diagnostic laboratories for specialized examinations
- Affiliated or external partners that collaborate with AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK
- Public Social Security Organizations / Health Funds
- Insurance Companies and their affiliated Audit Firms
- Suppliers of Medical Equipment to ensure “traceability” and protect your health
- IT service providers supporting information systems
- Supervisory Authorities and Organizations under the authority of the Ministry of Health
- Transport companies
AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK, as required by the legal framework, may transmit personal data for the purpose of execution of the contract between us, and in order to safeguard its legitimate interest regarding the collection and settlement of accounts, to financial institutions, law firms.
METHODS OF RECEIVING / SENDING MEDICAL RESULTS
AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK, in the context of the personal data protection practices it applies, adopts the following methods of delivering/sending your Medical Results:
- Direct communication and delivery of information containing personal data directly to you, our patient, and not to any third entity, using the contact information you have disclosed.
- The delivery of information that contains personal data to any third entity is only allowed if you, our patient, have consented and officially authorized each third entity for this purpose.
- The avoidance of sending personal health information by fax, and if it is deemed necessary, to confirm reception by the authorized recipient.
- The prioritization of using safe electronic means (e.g. e-mail) for external communication.
- The avoidance of transmitting personal health-related data by telephone except in exceptional cases, where data is only being transmitted to your doctors, in order to protect your vital interests.
- Sending medical results by post, only by registered mail.
At AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK, we adopt all the reasonable technical and organizational measures and precautions to protect and safeguard your personal data. We work hard to protect you and your data from unauthorized access, modification, transfer, deletion or any other processing, and we have created various levels of security measures such as role-based access management, strong password controls, network security checks, security incident response procedure and encryption.
HOW LONG DO WE KEEP YOUR DATA?
AEGEAN HEALTH HEALTHCARE AND MEDICAL NETWORK maintains personal data only for as long as it is necessary. According to the Greek Law (3418/2005, FEK Α 287/28.11.2005, Article 14), we or third parties with which we collaborate (such as biomedical laboratories etc.) are obliged to keep the data concerning your health for ten (10) years in case of private medical practices or for twenty (20) years in any other case, starting from your last visit. If you provided us with your explicit consent to the use of your personal data for marketing purposes, we will maintain this data until you notify us of something different and/or withdraw your consent, by sending a relevant written request to email@example.com, a fact that however will not affect in any way the lawfulness of the processing made until the withdrawal of your consent.
DATA SUBJECT RIGHTS
Regarding your personal data, you have the option of exercising the following rights, by submitting a written request in person or through your legally authorized representative at the AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK’s premises or by sending the request by post, with your authenticated signature.
(a) Right to information and right of access to all personal data that the AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK maintains and processes with respect to you, the type of processing, the purposes of processing, the recipients or categories of recipients of your personal data, as well as the personal data retention policy.
(b) Right to rectification. If you believe that we have any incomplete or inaccurate data about you, you have the right to ask us to correct and / or supplement this information.
(c) Right to delete your personal data in the following cases:
- when your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
- when you withdraw your consent based on which your personal data was processed and there is no other legal basis for processing
- when your personal data has been processed without the necessary legal basis
- when the law requires you to delete your personal data
(d) Right to limit processing in the following cases:
- when you dispute the accuracy of your personal data and until the AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK verifies its accuracy
- when you are requesting the restriction of the processing of your personal data instead of deleting it
- when the AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK no longer requires your personal data for the processing purposes, but your personal data is required by you for the foundation, exercise or support of legal claims
(e) Data Portability, i.e. you have the right to request the transfer of your data to another healthcare provider in Greece or abroad.
(f) Right to oppose the processing of your personal data unless there are compelling and legitimate reasons for processing, overriding your interests, rights and freedoms, or for the establishment, exercise or support of legal claims of AEGEAN HEALTH HEALTHCARE AND MEDICAL NETWORK.
(g) Right to object to any direct marketing by us and / or any automated decision-making process we may be using.
The rights to delete or restrict the processing of personal data are not applicable if the processing or maintenance of data by the AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK is mandatory or necessary under the law and for the foundation, exercise or support of its legal claims and rights or the fulfilling of its obligations.
In order to carry out any of the above rights, it is our strict policy to confirm your identity. This is to confirm that your personal data is protected and kept secure.
AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK will respond to your request free of charge, without delay and in any case within one month of receipt of the request, except in exceptional circumstances, when that deadline can be extended by a further two months if necessary, taking into account the complexity of the request and the number of requests. AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK will inform you of any extension within one month of receipt of the request, as well as of the reasons for the delay.
If it is not possible to meet your request, AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK will inform you without delay and at the latest within one month of the receipt of the request, about the reasons. Finally, you have the option to file a complaint to the Hellenic Data Protection Authority (HDPA) http://www.dpa.gr
DATA PROTECTION INQUIRIES
For any clarification regarding the processing of your personal data, please contact the AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK: firstname.lastname@example.org
SOCIAL NETWORKS OF THE AEGEAN HEALTH HEALTHCARE AND MEDICAL NETWORK
Any publications or comments you send to the Social Networks of the AEGEAN HEALTH ΗEALTHCARE AND MEDICAL NETWORK (for example, on our Facebook page), will be transmitted according to the terms of the relevant social networking platform (e.g. Facebook / Instagram).
Other organizations, not AEGEAN HEALTH HEALTHCARE AND MEDICAL NETWORK, control these platforms. We are not responsible for this disclosure of your personal information. We encourage you to review the terms and privacy policies of your social networking platforms. This way, you will understand how your information is used or shared, and how to prevent it if you are not satisfied with it.
AEGEAN HEALTH HEALTHCARE AND MEDICAL NETWORK’s website uses “Cookies”. Cookies are small pieces of information sent by us to your computer (via your web browser) and stored on your hard drive, to allow our site to recognize you when you visit the site again in the future. Cookies collect statistics on your browsing activities, but they do not identify you as a person. They help us improve our web site and provide a better, more personalized service. Through the cookies implementation platform of our site, you can choose which cookies to give your consent to.